Overview
Syllabus
Intro
Anatomy of Electron-based Apps
Lifecycle
ContextIsolation 1/2
Electron is NOT a browser
From Browser to Electron - Attack Surface
From Browser to Electron - Isolation
Full chain exploit (Step 1)
Cross-Site Scripting
Full chain exploit (Step 2)
nodeIntegration bypasses
Affected Configs
Exploits
Secure-by-Default Settings (v5)
Chromium Upgrades
Survey Results
preload - A neglected attack surface
Node's Buffer
Case Study - Wire App 1/3
Case Study - Discord 3/3
ipcMain and ipcRenderer 1/2
Leveraging the Internal Electron IPC
Case Study - (Again) Discord 3/3
Sandboxing 2/2
Native Capabilities, and Your Responsibility
Prototype Pollution - Preload
Case Study - Undisclosed 2/3
Prototype Pollution - Electron
Making Preload work with ContextIsolation
Black Hat Sound Bytes 2/3
Taught by
Black Hat